'; $CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]); $cnt_form = unserialize($crow["acontent_form"]); // save default form tracking status $default_formtracking_value = $phpwcms['form_tracking']; // check form related form tracking status if(isset($cnt_form['formtracking_off']) && $cnt_form['formtracking_off'] == 1) { $phpwcms['form_tracking'] = 0; } $form_error_text = ''; $form_cnt = $cnt_form['labelpos']== 2 ? $cnt_form['customform'] : ''; // set sender email address if(empty($cnt_form['sendertype']) || $cnt_form['sendertype'] == 'system') { $cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL']; } elseif($cnt_form['sendertype'] == 'email' && !is_valid_email($cnt_form['sender'])) { $cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL']; } // basic sender name check if(empty($cnt_form['sendernametype'])) { $cnt_form['sendername'] = ''; $cnt_form['sendernametype'] = ''; } elseif($cnt_form['sendernametype'] == 'system') { $cnt_form['sendername'] = $phpwcms['SMTP_FROM_NAME']; } if(empty($cnt_form['sendername'])) { $cnt_form['sendername'] = ''; } if(empty($cnt_form["error_class"])) { $cnt_form["error_class"] = 'error'; } // set enctype mode false (no upload) $cnt_form['is_enctype'] = false; /* * Browse form fields */ if(isset($cnt_form["fields"]) && is_array($cnt_form["fields"]) && count($cnt_form["fields"])) { $form_counter = 0; $cnt_form['label_wrap'] = explode('|', $cnt_form['label_wrap']); $cnt_form['label_wrap'][0] = !empty($cnt_form['label_wrap'][0]) ? trim($cnt_form['label_wrap'][0]) : ''; $cnt_form['label_wrap'][1] = !empty($cnt_form['label_wrap'][1]) ? 
trim($cnt_form['label_wrap'][1]) : ''; $form_field_hidden = ''; $cnt_form['regx_pattern'] = array( 'A-Z' => '/^[A-Z]+$/', 'a-Z' => '/^[a-zA-Z]+$/', 'a-z' => '/^[a-z]+$/', '0-9' => '/^[0-9]+$/', 'PHONE' => '/^[+]?([0-9]*[\.\s\-\(\)\/]|[0-9]+){3,24}$/', 'INT' => '/^[0-9\-\+]+$/', 'WORD' => '/^[\w]+$/', 'LETTER+SPACE' => '/^[a-z _\-\:]+$/i' ); if(!empty($_POST['cpID'.$crow["acontent_id"]]) && intval($_POST['cpID'.$crow["acontent_id"]]) == $crow["acontent_id"]) { $POST_DO = true; $POST_val = array(); $cache_nosave = true; } else { $POST_DO = false; } // make spam check if($POST_DO && !checkFormTrackingValue()) { $POST_ERR['spamFormAlert'.time()] = '[span_class:spamFormAlert]Your IP '.getRemoteIP().' is not allowed to send form![/class]'; } foreach($cnt_form["fields"] as $key => $value) { $form_field = ''; $form_name = html_specialchars($cnt_form["fields"][$key]['name']); $POST_name = $cnt_form["fields"][$key]['name']; switch($cnt_form["fields"][$key]['type']) { case 'text' : /* * Text */ if($POST_DO && isset($_POST[$POST_name])) { $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; } } // $form_field .= 'validRequest($POST_val[$POST_name])) { $spaf_obj->destroy(); } else { $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 
'Captcha error' : $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } $cnt_form["fields"][$key]['value'] = ''; } // $form_field .= ' '', 'type' => 'MIX', 'dateformat' => 'm/d/Y', 'pattern' => '/.*?/' ); if($cnt_form["fields"][$key]['value']) { $cnt_form['special_value'] = str_replace( array('"', "'", "\r'"), '', $cnt_form["fields"][$key]['value'] ); $cnt_form['special_value'] = explode("\n", $cnt_form['special_value']); $cnt_form["fields"][$key]['value'] = ''; if(is_array($cnt_form['special_value']) && count($cnt_form['special_value'])) { foreach($cnt_form['special_value'] as $cnt_form['special_key'] => $cnt_form['special_val']) { $temp_array = explode('=', $cnt_form['special_val']); switch($temp_array[0]) { case 'default': $cnt_form['special_attribute']['default'] = isset($temp_array[1]) ? $temp_array[1] : ''; break; case 'type': $cnt_form['special_attribute']['type'] = isset($temp_array[1]) ? $temp_array[1] : 'MIX'; break; case 'dateformat': $cnt_form['special_attribute']['dateformat'] = isset($temp_array[1]) ? $temp_array[1] : 'm/d/Y'; break; case 'pattern': $cnt_form['special_attribute']['pattern'] = isset($temp_array[1]) ? $temp_array[1] : '/.*?/'; break; } } } } $cnt_form["fields"][$key]['value'] = isset($cnt_form['special_attribute']['default']) ? 
$cnt_form['special_attribute']['default'] : ''; if($POST_DO && isset($_POST[$POST_name])) { $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; // try to check for special value if(isset($cnt_form['special_attribute']['type'])) { switch($cnt_form['special_attribute']['type']) { case 'A-Z': case 'a-Z': case 'a-z': case '0-9': case 'WORD': case 'LETTER+SPACE': case 'PHONE': case 'INT': if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['regx_pattern'][ $cnt_form['special_attribute']['type'] ], $cnt_form["fields"][$key]['value'])) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; } /* else { $cnt_form["fields"][$key]['value'] = $cnt_form["fields"][$key]['value']; } */ break; case 'REGEX': if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['special_attribute']['pattern'], $cnt_form["fields"][$key]['value'])) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; } break; case 'DEC': case 'FLOAT': if($cnt_form["fields"][$key]['value'] !== '' && !is_float_ex($cnt_form["fields"][$key]['value'])) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; } break; case 'IDENT': if(isset($cnt_form['special_attribute']['default']) && decode_entities($cnt_form['special_attribute']['default']) != decode_entities($cnt_form["fields"][$key]['value'])) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; } break; case 'DATE': if($cnt_form["fields"][$key]['value'] !== '' && isset($cnt_form['special_attribute']['dateformat']) && !is_date($cnt_form["fields"][$key]['value'], $cnt_form['special_attribute']['dateformat'])) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; } break; } } } } else { 
if(isset($cnt_form['special_attribute']['default']) && isset($cnt_form['special_attribute']['type']) && $cnt_form['special_attribute']['type'] == 'DATE' && $cnt_form['special_attribute']['default'] == 'NOW') { echo 'ja'; if(isset($cnt_form['special_attribute']['dateformat'])) { $cnt_form["fields"][$key]['value'] = date($cnt_form['special_attribute']['dateformat']); } else { $cnt_form["fields"][$key]['value'] = date('m/d/Y'); } } } // $form_field .= ''; break; case 'hidden' : /* * Hidden */ if($POST_DO && isset($_POST[$POST_name])) { $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; } else { $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; } } // $form_field_hidden .= ''; break; case 'password' : /* * Password */ if($POST_DO && isset($_POST[$POST_name])) { $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; } } // $form_field .= '' . 
LF; } $form_field .= list_country($option_value, $form_value['lang']); // build value/option select menu } else { $form_value = explode("\n", $cnt_form["fields"][$key]['value']); $form_value = array_map('trim', $form_value); $form_value = array_diff($form_value, array('')); if(count($form_value)) { $form_optgroup = false; foreach($form_value as $option_value) { // search for OPTGROUP if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) { $option_value = explode(' ', $option_value, 2); if(isset($option_value[1]) ) { $option_value = trim($option_value[1]); $form_field .= ''.LF; $form_optgroup = true; } continue; } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) { if($form_optgroup == true) { $form_field .= ''.LF; $form_optgroup = false; } continue; } // check if select item has specila value and name $option_value = explode('-|-', $option_value, 2); $option_label = $option_value[0]; $option_value = isset($option_value[1]) ? $option_value[1] : $option_label; if(substr($option_label, -2) === ' -') { $option_label = trim( substr($option_label, 0, strlen($option_label) -2) ); } $option_label = str_replace(' selected', '', $option_label); if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $option_value) { $option_value .= ' selected'; } $option_value = html_specialchars($option_value); if(substr($option_value, -2) === ' -') { $form_field .= '\n"; } if($form_optgroup == true) { $form_field .= ''.LF; } } } $form_field .= ''; break; case 'list' : /* * Liste */ if($POST_DO && isset($_POST[$POST_name])) { if(is_array($_POST[$POST_name])) { $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]); $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array('')); if(!count($POST_val[$POST_name])) { $POST_val[$POST_name] = false; } } else { $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); } if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == 
'')) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']); } } // $form_field .= '\n"; } if($form_optgroup == true) { $form_field .= ''.LF; } } $form_field .= ''; break; case 'checkbox' : /* * Checkbox */ if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) { if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) { $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]); $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array('')); if(!count($POST_val[$POST_name])) { $POST_val[$POST_name] = ''; } } else { $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : ''; } if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); } } // $form_value = explode("\n", $cnt_form["fields"][$key]['value']); $form_value = array_map('trim', $form_value); $form_value = array_diff($form_value, array('')); if($cnt_form["fields"][$key]['class']) { $form_field .= ''; $checkbox_class = ''; } else { $checkbox_class = ''; } if($cnt_form["fields"][$key]['style']) { $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; } else { $checkbox_style = ''; } if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) { // only 1 checkbox $checkbox_value = is_array($form_value) ? 
implode('', $form_value) : $form_value; $checkbox_value = trim($checkbox_value); $checkbox_value = explode('-|-', $checkbox_value, 2); $checkbox_label = $checkbox_value[0]; $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; $checkbox_label = str_replace(' checked', '', $checkbox_label); if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) { $checkbox_value .= ' checked'; } $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name; $form_field .= ''; } else { $checkbox_value = str_replace(' checked', '', $checkbox_value); $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; } $form_field .= ''; } else { // list of checkboxes $checkbox_counter = 0; $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? '' : ' '; foreach($form_value as $checkbox_value) { $checkbox_value = explode('-|-', $checkbox_value, 2); $checkbox_label = $checkbox_value[0]; $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; $checkbox_label = str_replace(' checked', '', $checkbox_label); if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) { foreach($POST_val[$POST_name] as $postvar_value) { if($postvar_value == $checkbox_value) { $checkbox_value .= ' checked'; } } } $checkbox_value = html_specialchars(trim($checkbox_value)); if($checkbox_counter) { $form_field .= $checkbox_spacer; } $form_field .= ''; } else { $checkbox_value = str_replace(' checked', '', $checkbox_value); $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; } $form_field .= ''; $checkbox_counter++; } } $form_field .= $checkbox_class; break; case 'radio' : /* * Radiobutton */ if($POST_DO && ( $cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) { $POST_val[$POST_name] = isset($_POST[$POST_name]) ? 
remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false; if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); } } // $form_value = explode("\n", $cnt_form["fields"][$key]['value']); $form_value = array_map('trim', $form_value); $form_value = array_diff($form_value, array('')); if($cnt_form["fields"][$key]['class']) { $form_field .= ''; $checkbox_class = ''; } else { $checkbox_class = ''; } if($cnt_form["fields"][$key]['style']) { $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; } else { $checkbox_style = ''; } if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) { // only 1 checkbox $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value; $checkbox_value = trim($checkbox_value); $checkbox_value = explode('-|-', $checkbox_value, 2); $checkbox_label = $checkbox_value[0]; $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; $checkbox_label = str_replace(' checked', '', $checkbox_label); if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) { $checkbox_value .= ' checked'; } $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name; $form_field .= ''; } else { $checkbox_value = str_replace(' checked', '', $checkbox_value); $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; } $form_field .= ''; } else { // list of checkboxes $checkbox_counter = 0; $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? 
'' : ' '; foreach($form_value as $checkbox_value) { $checkbox_value = explode('-|-', $checkbox_value, 2); $checkbox_label = $checkbox_value[0]; $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; $checkbox_label = str_replace(' checked', '', $checkbox_label); if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $checkbox_value) { $checkbox_value .= ' checked'; } $checkbox_value = html_specialchars(trim($checkbox_value)); if($checkbox_counter) { $form_field .= $checkbox_spacer; } $form_field .= ''; } else { $checkbox_value = str_replace(' checked', '', $checkbox_value); $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; } $form_field .= ''; $checkbox_counter++; } } $form_field .= $checkbox_class; break; case 'upload' : /* * Upload */ if($cnt_form["fields"][$key]['value']) { $cnt_form['upload_value'] = str_replace('"', '', $cnt_form["fields"][$key]['value']); $cnt_form['upload_value'] = str_replace("'", '',$cnt_form['upload_value']); $cnt_form['upload_value'] = str_replace("\r'", '',$cnt_form['upload_value']); $cnt_form['upload_value'] = explode("\n", $cnt_form['upload_value']); if(is_array($cnt_form['upload_value']) && count($cnt_form['upload_value'])) { foreach($cnt_form['upload_value'] as $cnt_form['upload_key'] => $cnt_form['upload_val']) { $temp_array = explode('=', $cnt_form['upload_val']); unset($cnt_form['upload_value'][$cnt_form['upload_key']]); if(!empty($temp_array[0]) && !empty($temp_array[1])) { $cnt_form['upload_value'][$temp_array[0]] = $temp_array[1]; } } } } if(empty($cnt_form['upload_value']['folder'])) { $cnt_form['upload_value']['folder'] = 'content/form/'; } if(empty($cnt_form['upload_value']['attachment'])) { $cnt_form['upload_value']['attachment'] = 0; } if(empty($cnt_form['upload_value']['exclude'])) { $cnt_form['upload_value']['exclude'] = 'php,asp,php3,php4,php5,aspx,cfm,js'; } // if($POST_DO && isset($_FILES[$POST_name])) { $POST_val[$POST_name]['folder'] = 
$cnt_form['upload_value']['folder']; $POST_val[$POST_name]['attachment'] = $cnt_form['upload_value']['attachment']; $POST_val[$POST_name]['name'] = ''; $cnt_form['upload_value']['exclude'] = str_replace(' ', '', $cnt_form['upload_value']['exclude']); $cnt_form['upload_value']['exclude'] = str_replace('.', '', $cnt_form['upload_value']['exclude']); $cnt_form['upload_value']['exclude'] = explode(',', $cnt_form['upload_value']['exclude']); $cnt_form['upload_value']['exclude'] = array_diff($cnt_form['upload_value']['exclude'], array('')); $cnt_form['upload_value']['exclude'] = implode('|', $cnt_form['upload_value']['exclude']); $cnt_form['upload_value']['exclude'] = strtolower($cnt_form['upload_value']['exclude']); $cnt_form['upload_value']['regexp'] = '/(.'.$cnt_form['upload_value']['exclude'].')$/'; if($cnt_form["fields"][$key]['required'] && empty($_FILES[$POST_name]['name'])) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $POST_ERR[$key] = str_replace('{MAXLENGTH}', '', $POST_ERR[$key]); $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(0, ' '), $POST_ERR[$key]); $POST_ERR[$key] = str_replace('{FILENAME}', '"n.a."', $POST_ERR[$key]); $POST_ERR[$key] = str_replace('{FILEEXT}', '"n.a."', $POST_ERR[$key]); } elseif(!empty($_FILES[$POST_name]['name'])) { $cnt_form['upload_value']['filename'] = time().'_'.$_FILES[$POST_name]['name']; if( (!empty($cnt_form['upload_value']['maxlength']) && $_FILES[$POST_name]['size'] > intval($cnt_form['upload_value']['maxlength'])) || preg_match($cnt_form['upload_value']['regexp'], strtolower($_FILES[$POST_name]['name'])) || !@move_uploaded_file($_FILES[$POST_name]['tmp_name'], PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename']) ) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $POST_ERR[$key] = str_replace('{MAXLENGTH}', empty($cnt_form['upload_value']['maxlength']) ? 
'' : fsize($cnt_form['upload_value']['maxlength'], ' '), $POST_ERR[$key]); $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(empty($_FILES[$POST_name]['size']) ? 0 : $_FILES[$POST_name]['size'], ' '), $POST_ERR[$key]); $POST_ERR[$key] = str_replace('{FILENAME}', empty($_FILES[$POST_name]['name']) || trim($_FILES[$POST_name]['name'])=='' ? '"n.a."' : $_FILES[$POST_name]['name'], $POST_ERR[$key]); $POST_ERR[$key] = str_replace('{FILEEXT}', '.'.str_replace('|', ', .', str_replace(',', ', .', $cnt_form['upload_value']['exclude'])), $POST_ERR[$key]); } else { $POST_val[$POST_name]['name'] = $cnt_form['upload_value']['filename']; } } if(isset($POST_ERR[$key])) { @unlink($_FILES[$POST_name]['tmp_name']); @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename']); $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } } // $form_field .= ''; } break; case 'break' : /* * Break */ if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) { $form_field .= '', $form_field); break; case 'mathspam': /* * Math Spam Protect */ if($POST_DO) { $POST_val[$POST_name] = isset($_POST[$POST_name]) && trim(is_numeric($_POST[$POST_name])) ? intval($_POST[$POST_name]) : -1; $mathspam_result = $POST_val[$POST_name] * 123345 * strlen($phpwcms['db_user']); $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result ); $mathspam_default = isset($_POST[$POST_name.'_result']) ? trim($_POST[$POST_name.'_result']) : ''; if($mathspam_result != $mathspam_default || ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] === ''))) { $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 
'Math spam protection error' : $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } } $form_field .= ''+', '-'=>'-', '*'=>'*', '/'=>':'); $mathspam_operation = array_rand($mathspam_calculations, 1); $mathspam_operator = $mathspam_calculations[ $mathspam_operation ]; $mathspam_number_1 = rand( $mathspam_operation === '/' ? 1 : 0 , 10); // fix divisions to avoid fractional results if($mathspam_operation === '/') { switch($mathspam_number_1) { case 1: $mathspam_number_2 = 1; break; case 2: $mathspam_number_2 = array_rand( array(1=>1, 2=>2), 1); break; case 3: $mathspam_number_2 = array_rand( array(1=>1, 3=>3), 1); break; case 4: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4), 1); break; case 5: $mathspam_number_2 = array_rand( array(1=>1, 5=>5), 1); break; case 6: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 3=>3, 6=>6), 1); break; case 7: $mathspam_number_2 = array_rand( array(1=>1, 7=>7), 1); break; case 8: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4, 8=>8), 1); break; case 9: $mathspam_number_2 = array_rand( array(1=>1, 3=>3, 9=>9), 1); break; case 10: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 5=>5, 10=>10), 1); break; } // avoid subtraction with results < 0 } elseif($mathspam_operation === '-') { $mathspam_number_2 = rand(0, $mathspam_number_1); } else { $mathspam_number_2 = rand(0, 10); } $mathspam_question = $cnt_form["fields"][$key]['value'][ $mathspam_operator ]; $mathspam_question .= ' ' . $mathspam_number_1 . ' '; $mathspam_question .= html_entities( $mathspam_operator ); //$mathspam_question .= '(%'.mt_rand(0,10000).')'; $mathspam_question .= ' ' . $mathspam_number_2 . 
''; switch($mathspam_operation) { case '+': $mathspam_result = $mathspam_number_1 + $mathspam_number_2; break; case '-': $mathspam_result = $mathspam_number_1 - $mathspam_number_2; break; case '/': $mathspam_result = $mathspam_number_1 / $mathspam_number_2; break; case '*': $mathspam_result = $mathspam_number_1 * $mathspam_number_2; break; } $mathspam_result = intval($mathspam_result) * 123345 * strlen($phpwcms['db_user']); $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result ); // hidden field, contains the hashed result $form_field .= ''; $form_field .= ' '; $form_field .= trim( $cnt_form["fields"][$key]['value']['calc'] . ' ' . trim( $mathspam_question ) ); $form_field .= ''; break; case 'newsletter': /* * Newsletter */ $form_newletter_setting = array(); $form_newletter_setting['double_optin'] = 0; $form_value = array(); if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) { if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) { $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]); $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array('')); if(!count($POST_val[$POST_name])) { $POST_val[$POST_name] = false; } } else { $POST_val[$POST_name] = isset($_POST[$POST_name]) ? 
remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false; } if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); } if(isset($POST_val[$POST_name])) { $form_newletter_setting['selection'] = $POST_val[$POST_name]; } else { $form_newletter_setting['selection'] = false; } } // prepare default settings for newsletter field $form_value_default = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false); foreach($form_value_default as $form_value_nl) { $form_value_nl = explode('=', $form_value_nl, 2); $form_value_nl[0] = trim($form_value_nl[0]); $form_value_nl[1] = empty($form_value_nl[1]) ? '' : trim($form_value_nl[1]); if(empty($form_value_nl[0]) || empty($form_value_nl[1])) { continue; } else { switch($form_value_nl[0]) { case 'all': $form_value[0] = $form_value_nl[1]; break; case 'email_field': $form_newletter_setting['email_field'] = $form_value_nl[1]; break; case 'name_field': $form_newletter_setting['name_field'] = $form_value_nl[1]; break; case 'sender_email': $form_newletter_setting['sender_email'] = $form_value_nl[1]; break; case 'sender_name': $form_newletter_setting['sender_name'] = $form_value_nl[1]; break; case 'url_subscribe': $form_newletter_setting['url_subscribe'] = $form_value_nl[1]; break; case 'url_unsubscribe': $form_newletter_setting['url_unsubscribe'] = $form_value_nl[1]; break; case 'subject': $form_newletter_setting['subject'] = $form_value_nl[1]; break; case 'double_optin': $form_newletter_setting['double_optin'] = intval($form_value_nl[1]) ? 
1 : 0; break; default: if( ($form_value_nl[0] = intval($form_value_nl[0])) ) { $query = _dbGet('phpwcms_subscription', '*', 'subscription_id='.$form_value_nl[0].' AND subscription_active=1'); if(isset($query[0])) { if($form_value_nl[1] == '') { $form_value_nl[1] = $query[0]['subscription_name']; } $form_value[ $form_value_nl[0] ] = $form_value_nl[1]; } else { continue; } } else { continue; } } } } $form_newletter_setting['subscriptions'] = $form_value; if($cnt_form["fields"][$key]['class']) { $form_field .= ''; $checkbox_class = ''; } else { $checkbox_class = ''; } if($cnt_form["fields"][$key]['style']) { $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; } else { $checkbox_style = ''; } // list of checkboxes $checkbox_counter = 0; $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? '' : ' '; foreach($form_value as $checkbox_key => $checkbox_value) { if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) { foreach($POST_val[$POST_name] as $postvar_value) { if($postvar_value == $checkbox_key) { $checkbox_key .= ' checked'; } } } if($checkbox_counter) { $form_field .= $checkbox_spacer; } $form_field .= ''; } else { $checkbox_key = str_replace(' checked', '', $checkbox_key); $checkbox_value = str_replace(' checked', '', $checkbox_value); $form_field .= 'value="' . $checkbox_key . 
'" checked="checked" />'; } $form_field .= ''; $checkbox_counter++; } $form_field .= $checkbox_class; break; } // try to find correct sender name if($POST_DO && $cnt_form['sendernametype'] == 'formfield_'.$POST_name) { $cnt_form['sendername'] = cleanUpForEmailHeader($cnt_form["fields"][$key]['value']); } // try to build correct subject if($POST_DO && isset($cnt_form['subjectselect']) && $cnt_form['subjectselect'] == 'formfield_'.$POST_name) { $cnt_form['subject'] .= ' '.cleanUpForEmailHeader($POST_val[$POST_name]); $cnt_form['subject'] = trim($cnt_form['subject']); } // Build the form elements if($form_field && $cnt_form["fields"][$key]['type'] != 'hidden') { if($cnt_form['labelpos'] == 2) { // custom form template $POST_name_quoted = preg_quote($POST_name, '/'); if(empty($POST_ERR[$key])) { // if error for field empty $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\].*?\[\/IF_ERROR\]/s', '', $form_cnt); $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt); $form_cnt = str_replace('{ERROR:'.$POST_name.'}', '', $form_cnt); } else { // field error available $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt); $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt); $form_cnt = str_replace('{ERROR:'.$POST_name.'}', html_specialchars($POST_ERR[$key]), $form_cnt); } $form_cnt = str_replace('{'.$POST_name.'}', $form_field, $form_cnt); $form_cnt = str_replace('{LABEL:'.$POST_name.'}', html_specialchars($cnt_form["fields"][$key]['label']), $form_cnt); } else { // default table if($cnt_form["fields"][$key]['type'] == 'reset' && strpos($form_cnt, '###RESET###')) { $form_cnt = str_replace('###RESET###', $form_field, $form_cnt); } else { if($cnt_form["fields"][$key]['required']) { $cnt_form['labelClass'] = 'formLabelRequired'; $cnt_form['labelReqMark'] = $cnt_form["cform_reqmark"]; } else { $cnt_form['labelClass'] = 
'formLabel'; $cnt_form['labelReqMark'] = ''; } if($cnt_form['labelpos'] == 0) { // label: field if($cnt_form["fields"][$key]['type'] != 'break') { $form_cnt .= "\n".''; if($cnt_form["fields"][$key]['label'] != '') { $form_cnt .= $cnt_form['label_wrap'][0]; $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']); $form_cnt .= $cnt_form['labelReqMark']; $form_cnt .= $cnt_form['label_wrap'][1]; } else { $form_cnt .= ' '; } $form_cnt .= "\n"; $form_cnt .= ''.$form_field."\n\n"; } else { // colspan for break $form_cnt .= ''.$form_field."\n"; } } else { // label: // field if($cnt_form["fields"][$key]['label'] != '') { $form_cnt .= ''.$cnt_form['label_wrap'][0]; $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']); $form_cnt .= $cnt_form['labelReqMark']; $form_cnt .= $cnt_form['label_wrap'][1]."\n"; } $form_cnt .= ''.$form_field."\n"; } } } } $form_counter++; } } if(!empty($POST_DO) && empty($POST_ERR)) { $POST_attach = array(); $POST_savedb = array(); // now prepare form values for sending or storing if(isset($POST_val) && is_array($POST_val) && count($POST_val)) { // fallback solution for older forms which do not know // separate email template for "copy to" recipient if(!isset($cnt_form['template_equal'])) { $cnt_form['template_equal'] = 1; } foreach($POST_val as $POST_key => $POST_keyval) { $POST_valurl = ''; if(isset($cnt_form["copyto"]) && $cnt_form["copyto"] == $POST_key) { $cnt_form["copyto"] = $POST_keyval; } if(is_array($POST_keyval) && !isset($POST_keyval['folder'])) { // check if this is an array - but no upload value $POST_keyval = implode(', ', $POST_keyval); } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) { // check if this is an array - and is an upload value $POST_valurl = PHPWCMS_URL.$POST_keyval['folder'].'/'.rawurlencode($POST_keyval['name']); if(isset($POST_keyval['attachment']) && $POST_keyval['attachment']) { $POST_attach[] = PHPWCMS_ROOT.'/'.$POST_keyval['folder'].'/'.$POST_keyval['name']; } 
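if(!$cnt_form['template_format']) {
    // plain-text recipient template: an upload is shown as its URL
    $POST_keyval = $POST_valurl;
}
} // closes the upload branch that is opened before this section

// Remember the value for the database; an upload is stored as its URL.
if(!empty($cnt_form['savedb'])) {
    $POST_savedb[$POST_key] = empty($POST_valurl) ? $POST_keyval : $POST_valurl;
}

// Separate "copy to" template: fill in the value, HTML-escaped when that
// template is an HTML template.
if( !$cnt_form['template_equal'] ) {
    if($cnt_form['template_format_copy'] == 1) { // HTML
        if(is_string($POST_keyval)) {
            $POST_keyval_copy = html_specialchars($POST_keyval);
        } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
            $POST_keyval_copy = ''.html_specialchars($POST_keyval['name']).'';
        }
    } else {
        $POST_keyval_copy = $POST_keyval;
    }
    // replace the {fieldname} tag in the copy template
    $cnt_form['template_copy'] = str_replace('{'. $POST_key . '}', $POST_keyval_copy, $cnt_form['template_copy']);
}

// Recipient template: same substitution. is_html_entity records whether the
// value has already been HTML-escaped.
if($cnt_form['template_format']) { // HTML
    if(is_string($POST_keyval)) {
        $POST_keyval = html_specialchars($POST_keyval);
    } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
        $POST_keyval = ''.html_specialchars($POST_keyval['name']).'';
    }
    $cnt_form['is_html_entity'] = true;
} else {
    // remember the HTML entity status
    $cnt_form['is_html_entity'] = false;
}
// replace the {fieldname} tag in the recipient template
$cnt_form['template'] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form['template']);

// Replace tags in the success text, but not when onsuccess is a redirect target.
if($cnt_form["onsuccess_redirect"] !== 1) {
    // mode 2 is printed without further escaping, so escape the value here
    // unless that already happened above
    if(!$cnt_form['is_html_entity'] && $cnt_form["onsuccess_redirect"] === 2) {
        $POST_keyval = html_specialchars($POST_keyval);
    }
    $cnt_form["onsuccess"] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form["onsuccess"]);
}

} // end foreach($POST_val ...)

// System placeholders. They are resolved after the submitted values were
// merged in, so a value that contains one of these tags is expanded too.
$cnt_form['fe_current_url'] = PHPWCMS_URL . 'index.php' . returnGlobalGET_QueryString('rawurlencode');
$cnt_form['template'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template']);
$cnt_form['template'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template']);

// {DATE:format} becomes date(format). At this point the template already
// holds visitor-submitted text, and the former preg_replace() call with the
// /e modifier evaluated the replacement as PHP code (the modifier is also
// gone in PHP 7+). The callback hands the format to date() as plain data.
// A named function keeps this usable on old PHP versions; the guard avoids a
// redeclaration if this script runs more than once in a request.
if(!function_exists('cnt_form_date_tag')) {
    function cnt_form_date_tag($date_match) {
        return date($date_match[1]);
    }
}
$cnt_form['template'] = preg_replace_callback('/\{DATE:(.*?)\}/', 'cnt_form_date_tag', $cnt_form['template']);

if( !$cnt_form['template_equal'] ) {
    $cnt_form['template_copy'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template_copy']);
    $cnt_form['template_copy'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template_copy']);
    $cnt_form['template_copy'] = preg_replace_callback('/\{DATE:(.*?)\}/', 'cnt_form_date_tag', $cnt_form['template_copy']);
    // drop every tag that is still unresolved
    $cnt_form['template_copy'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template_copy']);
}

if($cnt_form["onsuccess_redirect"] !== 1) {
    $cnt_form["onsuccess"] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form["onsuccess"]);
    $cnt_form['onsuccess'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['onsuccess']);
}

// drop every tag that is still unresolved
$cnt_form['template'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template']);

// check if "copy to" email template is equal recipient
// email template and set it the same
if($cnt_form['template_equal'] == 1) {
    $cnt_form['template_format_copy'] = $cnt_form['template_format'];
    $cnt_form['template_copy'] = $cnt_form['template'];
}

// storing in database moved to 2nd POST_ERR if section

} // end if(isset($POST_val) ...)

// get email addresses of recipients and senders
$cnt_form["target"] = convertStringToArray($cnt_form["target"], ';');

if(empty($cnt_form["subject"])) {
    // fallback subject built from the site address
    $cnt_form["alt_subj"] = str_replace('http://', '', $phpwcms['site']);
    // NOTE(review): the third argument of substr() is a length, but a trimmed
    // URL string is passed here; looks like a slip - confirm the intended text
    $cnt_form["alt_subj"] = substr($cnt_form["alt_subj"], 0, trim($phpwcms['site'], '/'));
    $cnt_form["subject"] = 'Webform: '.$cnt_form["alt_subj"];
}

// check for BCC Addresses
// (this assignment is completed on the following source line)
$cnt_form['cc'] = empty($cnt_form['cc']) ?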
array() : convertStringToArray($cnt_form['cc'], ';');

// A copy for the visitor: only when enabled and "copyto" passes
// is_valid_email(). "copyto" holds the submitted value when it names a form
// field. The address is added to the cc list and also becomes fromEmail.
if(!empty($cnt_form['sendcopy']) && !empty($cnt_form["copyto"]) && is_valid_email($cnt_form["copyto"])) {
    $cnt_form['cc'][] = $cnt_form["copyto"];
    $cnt_form['fromEmail'] = $cnt_form["copyto"];
}

// check for unique recipients (target) and sender (fromEmail)
// NOTE(review): in the code shown here fromEmail is assigned only in the copy
// branch above - confirm it is always set when this check runs
if(!empty($cnt_form['checktofrom'])) {
    foreach($cnt_form["target"] as $value) {
        if(strtolower($cnt_form['fromEmail']) == strtolower($value)) {
            $POST_ERR[] = 'Sender’s email must be different from recipient’s email';
            break;
        }
    }
}

} // end of the first "submitted without errors" section

// do $POST_ERR test again to handle possible duplicates
// in case 'checktofrom' = 1
if(!empty($POST_DO) && empty($POST_ERR)) {

    // check if there are form values which should be saved in db
    if(count($POST_savedb)) {

        // The query is assembled by concatenation: the IP and the serialized
        // values pass through aporeplace() (presumably the escaping helper -
        // confirm), the content id is inserted as it is.
        // NOTE(review): acontent_id is neither quoted nor cast; that is only
        // safe while it is the integer id of the content row - confirm
        $POST_savedb_sql  = 'INSERT INTO '.DB_PREPEND.'phpwcms_formresult ';
        $POST_savedb_sql .= '(formresult_pid, formresult_ip, formresult_content) VALUES (';
        $POST_savedb_sql .= $crow['acontent_id'].", '".aporeplace(getRemoteIP())."', '";
        $POST_savedb_sql .= aporeplace(serialize($POST_savedb)) . "')";
        // the variable is reused for the query result
        $POST_savedb_sql = _dbQuery($POST_savedb_sql, 'INSERT');
    }

    // send mail, include phpmailer class
    require_once ('include/inc_ext/phpmailer/class.phpmailer.php');

    // now run all CC -> but sent as full email to each CC recipient
    if(count($cnt_form['cc'])) {

        $mail = new PHPMailer();
        $mail->Mailer = $phpwcms['SMTP_MAILER'];
        $mail->Host = $phpwcms['SMTP_HOST'];
        $mail->Port = $phpwcms['SMTP_PORT'];
        if($phpwcms['SMTP_AUTH']) {
            $mail->SMTPAuth = 1;
            $mail->Username = $phpwcms['SMTP_USER'];
            $mail->Password = $phpwcms['SMTP_PASS'];
        }
        $mail->CharSet = $phpwcms["charset"];

        // Optional hook: the function name comes from the stored form settings
        // and is called when a function of that name exists; "@" hides its
        // errors.
        // NOTE(review): any existing function name is accepted here, so the
        // form settings have to be trusted data - an allow-list of hook names
        // would narrow this
        if(isset($cnt_form['function_cc']) && function_exists($cnt_form['function_cc'])) {
            @$cnt_form['function_cc']($POST_savedb, $cnt_form, $mail);
        }

        $mail->IsHTML($cnt_form['template_format_copy']);
        $mail->Subject = $cnt_form["subject"];
        $mail->Body = $cnt_form['template_copy'];
        // fall back to English when the configured language cannot be set
        if(!$mail->SetLanguage($phpwcms['default_lang'], '')) {
            $mail->SetLanguage('en');
        }
        // the configured sender is used, not the visitor's address
        $mail->From = $cnt_form['sender'];
        $mail->FromName = $cnt_form['sendername'];
        $mail->Sender = $cnt_form['sender'];

        // one separate message per address; failures are collected, escaped for output
        $cnt_form["copytoError"] = array();
        foreach($cnt_form['cc'] as $cc_email) {
            $mail->AddAddress($cc_email);
            if(!$mail->Send()) {
                $cnt_form["copytoError"][] = html_specialchars($cc_email.' ('.$mail->ErrorInfo.')');
            }
            $mail->ClearAddresses();
        }
        if(count($cnt_form["copytoError"])) {
            $cnt_form["copytoError"] = implode('', $cnt_form["copytoError"]);
        } else {
            unset($cnt_form["copytoError"]);
        }

        unset($mail);
    }

    // now send original message
    $mail = new PHPMailer();
    $mail->Mailer = $phpwcms['SMTP_MAILER'];
    $mail->Host = $phpwcms['SMTP_HOST'];
    $mail->Port = $phpwcms['SMTP_PORT'];
    if($phpwcms['SMTP_AUTH']) {
        $mail->SMTPAuth = 1;
        $mail->Username = $phpwcms['SMTP_USER'];
        $mail->Password = $phpwcms['SMTP_PASS'];
    }
    $mail->CharSet = $phpwcms["charset"];

    // same kind of optional hook as for the copies (see the note there)
    if(isset($cnt_form['function_to']) && function_exists($cnt_form['function_to'])) {
        @$cnt_form['function_to']($POST_savedb, $cnt_form, $mail);
    }

    $mail->IsHTML($cnt_form['template_format']);
    $mail->Subject = $cnt_form["subject"];
    $mail->Body = $cnt_form['template'];
    if(!$mail->SetLanguage($phpwcms['default_lang'], '')) {
        $mail->SetLanguage('en');
    }

    // fromEmail gets a default here; the mail itself is sent from 'sender'
    if(empty($cnt_form["fromEmail"])) {
        $cnt_form["fromEmail"] = $phpwcms['SMTP_FROM_EMAIL'];
    }
    $mail->From = $cnt_form['sender'];
    $mail->FromName = $cnt_form['sendername'];
    $mail->Sender = $cnt_form['sender'];

    if(!empty($cnt_form["target"]) && is_array($cnt_form["target"]) && count($cnt_form["target"])) {
        foreach($cnt_form["target"] as $e_value) {
            $mail->AddAddress(trim($e_value));
        }
    } else {
        // use default email address
        $mail->AddAddress($phpwcms['SMTP_FROM_EMAIL']);
    }

    // uploaded files that were marked as attachment
    if(count($POST_attach)) {
        foreach($POST_attach as $attach_file) {
            $mail->AddAttachment($attach_file);
        }
    }

    if(!$mail->Send()) {

        // show the mailer error, HTML-escaped
        $CNT_TMP .= ''.html_specialchars($mail->ErrorInfo).'';

    } else {

        // check if user should be registered for newsletter
        if(isset($form_newletter_setting['selection']) && count($form_newletter_setting['selection'])) {

            // first check if the necessary form field is a valid email
            if(isset($POST_val[ $form_newletter_setting['email_field'] ]) && is_valid_email($POST_val[ $form_newletter_setting['email_field'] ])) {

                // ok now I know we can store email as newsletter recipient
// from here on 'email_field' holds the submitted address, no longer the field name
$form_newletter_setting['email_field'] = $POST_val[ $form_newletter_setting['email_field'] ];

// now try to find fields to build recipient's name, if empty name is same as email
if(!empty($form_newletter_setting['name_field'])) {

    // split by "+"
    $form_newletter_setting['name_field_tmp'] = explode('+', $form_newletter_setting['name_field']);
    $form_newletter_setting['name_field'] = '';
    foreach($form_newletter_setting['name_field_tmp'] as $form_value_nl) {

        // empty - continue
        if(empty($form_value_nl)) continue;

        // a part that names a submitted field is replaced by its value,
        // any other part is kept as literal text
        if(empty($POST_val[ trim($form_value_nl) ])) {
            $form_newletter_setting['name_field'] .= $form_value_nl;
        } else {
            $form_value_nl = trim($form_value_nl);
            $form_newletter_setting['name_field'] .= $POST_val[ $form_value_nl ];
        }
    }
    $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']);
}
if(empty($form_newletter_setting['name_field'])) {
    $form_newletter_setting['name_field'] = $form_newletter_setting['email_field'];
}

// Key of the address record; it is put into the verify and unsubscribe links
// further down.
// NOTE(review): the key is derived from the address and time() only; unless
// shortHash() mixes in a secret it can be reproduced by someone who knows the
// address and the approximate time - confirm, a random token would avoid that
$form_newletter_setting['hash'] = shortHash( $form_newletter_setting['email_field'].time() );

// create SQL query to populate recipient into recipients db
// (concatenated; every string value passes through aporeplace(), presumably
// the escaping helper - confirm)
$form_newletter_setting['sql']  = 'INSERT INTO '.DB_PREPEND.'phpwcms_address ';
$form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, ';
$form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES (';
$form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['hash'])."', ";
$form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['email_field'])."', ";
$form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['name_field'])."', ";
// address_verified: 1 when double opt-in is off, i.e. the address is then
// stored as verified without any confirmation by its owner
$form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) .", ";
$form_newletter_setting['sql'] .= "'".aporeplace(serialize($form_newletter_setting['selection']))."', ";
$form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe'])."', ";
$form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe'])."'";
$form_newletter_setting['sql'] .= ')';

// save recipient in db and send verify message in case of double opt-in
// ("@" hides query errors; the result is stored but not checked below)
$form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT');

// now send opt-in email
if(!empty($form_newletter_setting['double_optin'])) {

    // message text: form setting, else the template file, else the built-in text
    if(empty($cnt_form['verifyemail'])) {
        $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/newsletter/email/default.opt-in.txt');
        if(empty($cnt_form['verifyemail'])) {
            $cnt_form['verifyemail']  = 'Hi {NEWSLETTER_NAME},'.LF.LF.'Someone (presumably you) on {SITE}'.LF.'subscribed to these newsletters:'.LF;
            $cnt_form['verifyemail'] .= '{SUBSCRIPTIONS}'.LF.LF.'The following email was requested for subscription'.LF.'{NEWSLETTER_EMAIL}'.LF.LF;
            $cnt_form['verifyemail'] .= 'If you requested this subscription, visit the following URL'.LF.'{NEWSLETTER_VERIFY}'.LF.'to verify and activate it.'.LF.LF;
            $cnt_form['verifyemail'] .= 'Ignore the message or visit the following URL'.LF.'{NEWSLETTER_DELETE}'.LF.'and nothing will happen.'.LF.LF.LF;
            $cnt_form['verifyemail'] .= 'With best regards'.LF.'Webmaster'.LF.LF.'--'.LF.'{DATE:m/d/Y H:i:s}, IP: {IP}'.LF;
        }
    }

    // the key is URL-encoded for use in the links
    $form_newletter_setting['hash'] = rawurlencode($form_newletter_setting['hash']);

    // NOTE(review): 'selection_text' is initialised here, but the loop fills
    // 'subscr_text', which is also what is read below - one of the two names
    // looks like a leftover
    $form_newletter_setting['selection_text'] = array();
    foreach($form_newletter_setting['selection'] as $form_value_nl) {
        $form_newletter_setting['subscr_text'][] = '[X] '.$form_newletter_setting['subscriptions'][$form_value_nl];
    }

    // no separate name when it is just the address
    if($form_newletter_setting['email_field'] == $form_newletter_setting['name_field'])
        $form_newletter_setting['name_field'] = '';

    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_NAME}', $form_newletter_setting['name_field'], $cnt_form['verifyemail']);
    $cnt_form['verifyemail'] = str_replace('{SUBSCRIPTIONS}', implode(LF, $form_newletter_setting['subscr_text']), $cnt_form['verifyemail']);
    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_EMAIL}', $form_newletter_setting['email_field'], $cnt_form['verifyemail']);
    // verify.php gets the key as "s" (verify) or "u" (delete)
    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_VERIFY}', PHPWCMS_URL.'verify.php?s='.$form_newletter_setting['hash'], $cnt_form['verifyemail']);
    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_DELETE}', PHPWCMS_URL.'verify.php?u='.$form_newletter_setting['hash'], $cnt_form['verifyemail']);
    // remaining tags are left to replaceGlobalRT()
    $cnt_form['verifyemail'] = replaceGlobalRT($cnt_form['verifyemail']);

    // sender falls back to the sender of the form
    if(empty($form_newletter_setting['sender_email'])) $form_newletter_setting['sender_email'] = $cnt_form['sender'];
    if(empty($form_newletter_setting['sender_name'])) $form_newletter_setting['sender_name'] = $cnt_form['sendername'];

    // now send verification email ("@" hides errors of sendEmail())
    @sendEmail(array(
        'recipient' => $form_newletter_setting['email_field'],
        'toName' => $form_newletter_setting['name_field'],
        'subject' => $form_newletter_setting['subject'],
        'text' => $cnt_form['verifyemail'],
        'from' => $form_newletter_setting['sender_email'],
        'fromName' => $form_newletter_setting['sender_name'],
        'sender' => $form_newletter_setting['sender_email']
    ));

} // end double opt-in

} // end valid newsletter address
} // end newsletter selection

if($cnt_form["onsuccess_redirect"] === 1) {

    // redirect on success; the target is the configured onsuccess value
    // (field tags are not filled in for redirects)
    headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onsuccess"]));

} elseif($cnt_form["onsuccess"]) {

    // success
    // NOTE(review): the next statement is incomplete in this listing (the part
    // of the expression before ":" is missing); kept as found
    $CNT_TMP .= '' : '>';
    if($cnt_form["onsuccess_redirect"] === 0) {
        // mode 0: plain text, escaped on output
        $CNT_TMP .= ''.nl2br(html_specialchars($cnt_form["onsuccess"])).'';
    } else {
        // other modes: printed as is; submitted values were escaped when they
        // were filled in, the surrounding text comes from the form settings
        $CNT_TMP .= $cnt_form["onsuccess"];
    }
    $CNT_TMP .= '';
}

} // end "mail was sent"

// errors of the copy mails; the entries were HTML-escaped when collected
if(!empty($cnt_form["copytoError"])) {
    $CNT_TMP .= ''.$cnt_form["copytoError"].'';
}

unset($mail);
// the form itself is not shown again after a successful submission
$form_cnt = '';

} elseif(isset($POST_ERR)) {

// do on POST_ERROR
// Clean up after a failed submission: remove the temporary upload files and
// files already stored for this request.
if(isset($_FILES)) {
    foreach($_FILES as $file_key => $file_val) {
        @unlink($_FILES[$file_key]['tmp_name']);
    }
    // NOTE(review): this loop visits every submitted value, not only uploads,
    // and builds a path in the upload folder from its 'name' entry - confirm
    // that non-upload values cannot yield a file name here
    if(isset($POST_val) && count($POST_val)) {
        foreach($POST_val as $file_key => $file_val) {
            @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$POST_val[$file_key]['name']);
        }
    }
}

if($cnt_form["onerror_redirect"] === 1) {

    // redirect to the configured error target
    headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onerror"]));

} else {

    if($cnt_form["onerror"]) {
        if($cnt_form["onerror_redirect"] === 0) {
            // mode 0: plain text, escaped on output
            $form_error_text = ''.nl2br(html_specialchars($cnt_form["onerror"])).'';
        } else {
            // other modes: printed as configured, without escaping
            $form_error_text = $cnt_form["onerror"];
        }
    }

    // drop empty messages, then HTML-escape every message before output
    $POST_ERR = array_diff( $POST_ERR , array('') );
    $POST_ERR = array_map( 'html_specialchars', $POST_ERR );

    // for the table layouts (labelpos 0 and 1) the messages are put in front
    // of the form rows; custom forms (labelpos 2) handle errors themselves
    if($cnt_form['labelpos'] != 2 && count( $POST_ERR ) ) {
        $form_error = "\n";
        if($cnt_form['labelpos'] == 0) {
            // label: field
            $form_error .= ''." \n";
        }
        $form_error .= '';
        $form_error .= implode("", $POST_ERR);
        $form_error .= "\n\n";
        $form_cnt = $form_error.$form_cnt;
        unset($form_error);
    }

}

} else {

    // form was not sent yet
    // display startup text
    if(!empty($cnt_form['startup'])) {
        if(empty($cnt_form['startup_html'])) {
            // plain text, escaped on output
            $CNT_TMP .= LF . ''.nl2br(html_specialchars($cnt_form['startup'])).'' . LF;
        } else {
            // HTML startup text is printed as configured
            $CNT_TMP .= LF . $cnt_form['startup'] . LF;
        }
    }

}

// Print the form unless it was cleared after a successful submission.
if($form_cnt) {

    $form_cnt = str_replace('###RESET###', '', $form_cnt);

    $cnt_form["class_close"] = '';
    if($cnt_form["class"]) {
        $CNT_TMP .= '';
        $cnt_form["class_close"] = '';
        // NOTE(review): the configured class goes into the attribute without
        // escaping; fine only as long as the form settings are trusted
        $cnt_form['class'] = ' class="form-'.$cnt_form["class"].'"';
    } else {
        $cnt_form['class'] = '';
    }

    $CNT_TMP .= $form_error_text;
    // NOTE(review): the next statement is incomplete in this listing (the part
    // of the expression before ":" is missing); kept as found
    $CNT_TMP .= '' : '>';

    if($cnt_form['labelpos'] == 2) {

        // custom form: keep the [IF_ERROR] part when there are errors,
        // otherwise the [ELSE_ERROR] part
        if(isset($POST_ERR) && count($POST_ERR)) {
            $form_cnt = preg_replace('/\[IF_ERROR\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt);
            $form_cnt = preg_replace('/\[ELSE_ERROR\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt);
        } else {
            $form_cnt = preg_replace('/\[IF_ERROR\].*?\[\/IF_ERROR\]/s', '', $form_cnt);
            $form_cnt = preg_replace('/\[ELSE_ERROR\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt);
        }
        $CNT_TMP .= "\n". $form_cnt ."\n";

    } else {

        $CNT_TMP .= '';
        $CNT_TMP .= "\n".$form_cnt.'';

    }

    $CNT_TMP .= LF . '';
    $CNT_TMP .= $form_field_hidden;
    $CNT_TMP .= getFormTrackingValue(); // hidden form tracking field, checked by the spam test on submission
    $CNT_TMP .= '' . LF . ''.$cnt_form["class_close"];

}

// drop the working variables of this script
unset( $form, $form_cnt, $form_cnt_2, $form_field, $form_field_hidden, $form_counter, $form_error_text, $POST_ERR );

// reset form tracking status to default value
$phpwcms['form_tracking'] = $default_formtracking_value;

?>
'.html_specialchars($mail->ErrorInfo).'
'.nl2br(html_specialchars($cnt_form["onsuccess"])).'
'.$cnt_form["copytoError"].'
'.nl2br(html_specialchars($cnt_form["onerror"])).'
'.nl2br(html_specialchars($cnt_form['startup'])).'